News

IT risks rising up audit committee agendas

Research by KPMG's Audit Committee Institute covering more than 1,300 audit committee members in 25 countries around the world has found that nearly a third (30%) are not satisfied that their committee spends sufficient time looking at IT risk issues, with a further 59% only "somewhat" satisfied.

Two-thirds of audit committee members say that they have primary oversight responsibility for issues relating toIT compliance and controls, half of them say they take responsibility for oversight of business continuity issues and 45% for information security and privacy - but more than one in five (21%) say they have primary oversight responsibility for none of these.

Tim Copnell, director of KPMG's Audit Committee Institute in the UK, said: "The survey showed that 9 out of 10 audit committee members felt they had improvements to make in the oversight of IT risk issues. This is a worrying trend given that organisations are now so dependent on IT. If audit committees (or equivalent bodies) are not able to give sufficient attention to the oversight of IT risk, companies might be unwittingly exposed to risk. Some boards may consider the oversight of IT risk to fall outside the remit of the audit committee. If a separate committee or the board itself takes up the mantle, the board must be satisfied that they have access to sufficient skills to examine the issues appropriately."

The top priorities overall for audit committee members in 2007 remain the more traditional areas of risk management, internal controls and accounting judgements.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy